oss-sec mailing list archives
CVE Request: python-pip insecure temporary directory handling
From: David Black <disclosure () d1b org>
Date: Thu, 21 Mar 2013 01:13:15 +1100
Prior to version 1.3 pip used '/tmp/pip-build' as a temporary directory and as per the report in https://github.com/pypa/pip/issues/725 would follow a symbolic link placed at '/tmp/pip-build' when writing temporary files.
Current thread:
- CVE Request: python-pip insecure temporary directory handling David Black (Mar 20)
- Re: CVE Request: python-pip insecure temporary directory handling Kurt Seifried (Mar 21)
- Re: CVE Request: python-pip insecure temporary directory handling David Black (Mar 22)
- Re: CVE Request: python-pip insecure temporary directory handling Kurt Seifried (Mar 22)
- Re: CVE Request: python-pip insecure temporary directory handling David Black (Mar 22)
- Re: CVE Request: python-pip insecure temporary directory handling Kurt Seifried (Mar 21)